Unsecure Wi-Fi Chips Leave Phones Vulnerable to Attack; iOS Users Should Install the Latest Update ASAP

Less than a week after Apple released a new security update, they pushed out yet another update. An “emergency patch,” as some publications have referred to it. Why? There’s a significant security issue that could allow an iOS device to be attacked via Wi-Fi.

According to the iOS 10.3.1 update, released on April 3, 2017, “An attacker within range may be able to execute arbitrary code on the Wi-Fi chip.”

The takeaway?  

Run the update ASAP.

Visit Settings —> General —> Software Update to force the update, which is available for iPhone 5 generation and later; iPad 4th generation and later; and iPod touch 6th generation and later.

If you’re the type that wants the nitty gritty tech details, you can read an in-depth explanation from Gal Geniamini of Google Project Zero, who discovered the flaw.

A lot of blog posts you’ll find online about this only talk about iOS devices and how you should “Update your iPhone to avoid being hacked over Wi-Fi”; they fail to mention the vulnerable Wi-Fi chipset is used in both iOS and Android devices.

This well-written piece from Ars Technica makes that clear.

“Google is in the process of releasing an update in its April security bulletin,” writes Ars Technica’s Security Editor Dan Goodin. “The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn’t respond to an e-mail seeking comment for this post.”

So what do you do if you’re an Android user?

Not much, as it turns out.

“As is all too often the case for Android users, there’s no easy way to get a fix immediately, if at all,” Goodin continues. “That’s because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it.”

To be specific, the problem lies with the Broadcom chips. Not all phones use these chips. A by-no-means-exhaustive list of phones affected include the Nexus 5, 6 and 6P, most Samsung flagship devices and all iPhones since the iPhone 4.

Basically the usual advice of being very careful which Wi-Fi networks you connect to still applies, but as one commenter to the ARS Technica story points out, “it may not be enough to stop everything.”

 


Are you covered for identity theft?

Get Covered

Image: Unsplash